Our Free Services

  • Incident Response
  • Risk Assessment
  • Continuous Monitoring
  • Digital Forensics
  • Awareness Training

Incident Handling


ZmCIRT receives information regarding cyber security incidents, triages them and coordinates the response. The incident handling unit provides the following services:


Vulnerability Assessment
Continuously performs vulnerability assessments to find vulnerabilities on assets located in the country and measure their severity; these assessments can also be provided to constituents on a special official request.


Penetration Test
Performs penetration tests against assets to determine whether their security defenses can be breached, under rules of engagement signed with the constituent, and provides remediation guidance for the vulnerabilities found.


Incident Analysis
Analyzes incident evidence to determine the root cause and how the attack was carried out, and provides best-practice guidance to prevent further attacks.


Security Threat Notification
Receives cyber security threat information (zero-day vulnerabilities, malware information, ransomware infection details, etc.) from trusted sources, filters it and distributes it to the constituency.


Incident Coordination
Receives incident notifications related to ZmCIRT's constituent networks from trusted CERT communities and forwards them to the constituents concerned for mitigation.


Benefits:

  1. Discover the security flaws of the assets.
  2. Measure security defenses against cyber attacks.
  3. Mitigate the potential damage after a security incident.
  4. Strengthen your security defenses against future incidents with lessons learned.
  5. Be prepared for advanced cyber attacks by receiving threat notifications.

Incident Handling workflow:

  1. Incident identification
  2. Incident logging
  3. Incident categorization
  4. Incident prioritization
  5. Initial diagnosis
  6. Incident escalation
  7. Incident resolution
  8. Incident closure


Ongoing Service:


Providing a monthly threat intelligence report based on network forensics and threat feed data.

Risk Assessment


ZmCIRT performs cyber security risk assessments for Critical Information Infrastructures (CIIs); this includes identifying, analyzing and evaluating risks. It helps CII operators ensure that the cyber security controls they choose are appropriate to the risks they face.


Risk Assessment workflow:


  1. Criticality assessment: system characterisation and asset identification
  2. Threat identification
  3. Assessment of security controls
  4. Vulnerability identification
  5. Likelihood determination
  6. Impact analysis
  7. Risk identification and reporting
  8. Controls recommendation

Continuous Monitoring


ZmCIRT performs continuous threat monitoring of endpoints, using a honeypot sensor to detect signs of security threats such as intrusion attempts or data exfiltration.


The honeypot looks like a real computer system, with applications and data, so that cybercriminals believe it is a legitimate target. For example, a honeypot could mimic a company's customer billing system, a frequent target for criminals looking for credit card numbers. Once the attackers are in, they can be tracked, and their behavior assessed for clues on how to make the real network more secure.


Honeypots are made attractive to attackers by building in deliberate security vulnerabilities. For instance, a honeypot might have ports that respond to a port scan or weak passwords. Vulnerable ports might be left open to entice attackers into the honeypot environment, rather than the more secure live network.


Unlike a firewall or anti-virus, a honeypot isn't set up to address a specific problem. Instead, it's an information tool that can help you understand existing threats to your business and spot the emergence of new threats. With the intelligence obtained from a honeypot, security efforts can be prioritized and focused.
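To illustrate the honeypot sensor described above, here is an added example (not ZmCIRT's own sensor): a minimal low-interaction decoy in Python that answers a scan with a constructed banner and records whatever the connecting client sends, plus a sensor that turns the recorded touches into port-scan and login-attempt alerts for the monitoring team. The banner, addresses and thresholds are constructed for the example.

```python
import socketserver
import threading
import time
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class HoneypotSensor:
    """Collects every touch on the decoy; no legitimate client should ever connect."""
    scan_threshold: int = 3            # distinct decoy ports from one source => scan alert
    events: list = field(default_factory=list)

    def record(self, src_ip, port, payload=b"", ts=None):
        """Store one connection attempt as a raw event for later analysis."""
        self.events.append({"ts": time.time() if ts is None else ts,
                            "src": src_ip, "port": port, "payload": payload})

    def alerts(self):
        """Turn raw events into alerts a monitoring team can act on."""
        ports_by_src = defaultdict(set)
        out = []
        for e in self.events:
            ports_by_src[e["src"]].add(e["port"])
            text = e["payload"].decode("utf-8", "replace").strip().upper()
            # Credentials tried against the decoy reveal attacker tooling and wordlists
            if text.startswith(("USER ", "LOGIN", "PASS ")):
                out.append(f"login-attempt src={e['src']} port={e['port']} data={text!r}")
        for src, ports in ports_by_src.items():
            # One source touching several decoy ports is port-scan behaviour
            if len(ports) >= self.scan_threshold:
                out.append(f"port-scan src={src} ports={sorted(ports)}")
        return out


class DecoyHandler(socketserver.BaseRequestHandler):
    """Fake service: replies with a banner so a scan sees an 'open' port, then records input."""
    def handle(self):
        self.request.sendall(b"220 billing-gw FTP server ready\r\n")  # constructed decoy banner
        data = self.request.recv(256)
        self.server.sensor.record(self.client_address[0],
                                  self.server.server_address[1], data)


def start_decoy(sensor, host="127.0.0.1", port=0):
    """Bind one decoy listener (port 0 = any free port) and serve it in the background."""
    srv = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    srv.sensor = sensor                # hypothetical attribute linking listener to sensor
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

Several `start_decoy` listeners on different ports feed one `HoneypotSensor`, whose `alerts()` output can be forwarded to the monitoring pipeline.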

Digital Forensics


The Forensic Lab was established to carry out forensic investigation of digital evidence. It helps Law Enforcement as a reactive service after an incident occurs by providing forensic support on the evidence involved in the incident. The Digital Forensic team is also capable of recovering and investigating material found on digital devices, including mobile devices, PCs, IoT devices and other computational devices. A further objective of the CIRT Lab is to build the capacity of government officials who are keenly interested in cyber security and digital forensics.


Benefits:


Helps Law Enforcement as a reactive service after an incident occurs by providing forensic support on evidence.

Builds the capacity of government officials on cyber security.

Criminal prosecutors – rely on evidence obtained from a computer to prosecute suspects.

Civil litigation – personal and business data discovered on a computer can be used in fraud, harassment or discrimination cases.

Financial organizations – evidence discovered on a computer can be used to mitigate costs.

Law enforcement officials – rely on computer forensics to back up search warrants and post-seizure handling.


CIRT Lab Capabilities:


Computer forensics – can be used to recover important data, deleted logs and evidence of criminal activity that was intentionally deleted.

Mobile forensics – forensic investigation of mobile devices to detect any criminal activity performed on the device.

Network forensics – monitoring and analysis of computer network traffic for the purposes of gathering information on network anomalies, legal evidence, or intrusion detection.


Service workflow:


  1. Evidence Detection
  2. Evidence Acquisition
  3. Evidence Analysis/Examination
  4. Documenting and Reporting

Awareness Training



Awareness is the capacity to know and experience events directly, to sense them, and to be cognizant of them. In a broader sense, it is the state of being aware of something. The primary objective of awareness training is to educate the end user about emerging cyber threats and how they can be mitigated. It is extremely difficult to inform every person about every cyber security or cyber threat event and to keep them informed on a continuous basis.


Additionally, ZmCIRT works to raise awareness among its constituents. It creates flyers, leaflets, newsletters, and web pages to educate the public on security best practices and to provide guidance on steps to take.


Awareness articles are written for stakeholders. Reports on the evaluation of stakeholder applications, including vulnerabilities and deficiencies, are written regularly. Additionally, ZmCIRT publishes quarterly, semi-annual, and annual reports.


ZmCIRT hosts lectures, seminars, and conferences for its constituents. To prepare stakeholders, it organizes training sessions at various levels for the different stakeholder types. The training keeps stakeholders' understanding of current security threats and future challenges to information security up to date.

Copyright © 2023 ZAMBIA CIRT